EnCase Forensic software enables the examiners to quickly uncover critical evidence and complete deep forensic investigations, and to create compelling reports on their findings. With advanced capabilities and the powerful EnScript® programming language, EnCase Forensic has long been the go to digital forensic solution worldwide. Is has an easy to use web-like user interface, automated configurable evidence processing, unified search across the entire case, customizable reporting templates, simple email review, integrated smart phone & tablet acquisition, and Optimized Case Management, including native encryption capabilities
EnCase Portable is composed of two components, Triage and Collect. Triage allows forensic experts and non-experts alike to quickly review information in the field, in real time, without altering or damaging the information stored on a computer. By executing pre-configured triage searches, users can quickly browse pictures, view internet history, see who has been using a computer, and much more. With Collect, anyone can become an extension of an organization’s computer forensic incident response team. Running collection searches, pre-configured by the experts, anyone can perform forensically sound collections in the field. Collect can be used to create a bit-by-bit copy of a computer’s hard drive or perform a targeted collection based on the criteria required for the specific situation. In addition, with Collect, Investigating Officers can collect an exact copy of a computer’s memory, which can contain valuable information pertinent to an investigation.
Belkasoft Evidence Center 2017 is an all-in-one forensic solution for acquiring, locating, extracting, and analyzing digital evidence stored inside computers and mobile devices. Belkasoft Evidence Center makes it easy for an investigator to acquire, search, analyze, store and share digital evidence found inside computer and mobile devices. The toolkit will quickly extract digital evidence from multiple sources by analyzing hard drives, drive images, memory dumps, iOS, Blackberry and Android backups, UFED, JTAG and chip-off dumps. Evidence Center will automatically analyze the data source and lay out the most forensically important artifacts for investigator to review, examine more closely or add to report.
Amped FIVE : Video Enhancement Amped FIVE is the most complete software for enhancing and analyzing images and videos during investigations. A single tool to analyze crime scene photos, enhance surveillance and intelligence video with a workflow compatible with forensic needs and constraints.
Amped Authenticate : Effective Photo Forensics Authenticate is a photo analysis software for forensic image authentication and tamper identification. Several tools are available to determine whether an image can be trusted and thus accepted as evidence and verify if a photo has been taken from a specific device.
AccessData Triage (AD Triage) is a portable computer forensics solution to acquire data. It is a forensically sound and easy to use triage tool for on the scene preview and acquisition of computers (either live or shut down). With the help of this tool, the forensics examiner as well as non forensics personnel alike can acquire volatile and all or targeted hard drive data from a system in just minutes. Law enforcement agencies can preserve evidence securely without having to wait hours for a forensics expert to arrive on the scene. You can preview the file system and target data by criteria, including keyword(s), hash, regular expression, file size, date and time, extensions, file path and illicit images. In addition, users can collect network and system information, as well as live memory. It allows you to acquire the full disk, a volume, or peripheral devices, saving data to a USB device or an external hard drive and exports the data to a designated location on the same network. You can pre-configure your AD Triage device to automatically acquire only the data you’ve selected, allowing inexperienced users to safely and effectively use the tool.
Steganography Detection & Analysis Suite (Stego Suite) provides investigators with advanced steganograpy investigation capabilities. This suite includes four software tools Stego Hunter, StegoWatch, StegoAnalyst and StegoBreak, allowing investigators to detect, analyze and in certain circumstances recover hidden information.
Gargoyle Investigator - Forensic Pro Edition includes very advanced malware detection and identification. The tool can search for “bad programs” and can provide information like suspect’s intentions, activities and motives.
The Forensic Tool Kit (FTK) is an integrated computer forensics solution which allows you to create images, process a wide range of data types from forensic images to email archives, analyze the registry, conduct an investigation, decrypt files, crack passwords, and build a report. It recovers passwords from more than 100 applications. It has a KFF hash library with 45 million hashes and provides advanced automated analysis without the need for scripting.
A new expansion module includes malware analysis and visual analytics from within the integrated platform. It provides threat scores and dis-assembly analysis to determine both the behavior and intent of suspect binaries. You can view data in multiple display formats, including timelines, cluster graphs, pie charts etc. and quickly determine relationships in the data, find key pieces of information, and generate reports.
Each copy of FTK allows one examiner machine and three distributed workstations. It supports 32-bit and 64-bit Windows® OS, and provides comprehensive analysis of volatile data and static RAM analysis from an image or against a live system. Also, it does MAC analysis.